The top 12 password-cracking techniques used by hackers
Some of the most common, and most effective, methods for stealing passwords
Passwords are the bane of any cyber security expert’s existence. They’re typically easy to crack, often reused and, in today’s era of biometrics and cryptography, are an antiquated way of protecting an account.
Unfortunately, it’s this ease of use that means passwords are still the primary method of user authentication, so it’s essential that we are all aware of the various methods that hackers use to try and gain access to this ‘secret’ code. After all, no matter how clever you think your password is, hackers will find a way to undermine it.
It’s worth noting that most of these hacking techniques are rendered useless in the face of robust multi-layer authentication.
12 password-cracking techniques used by hackers:
1. Phishing
Perhaps the most commonly used hacking technique today, phishing is the practice of attempting to steal user information by disguising malicious content as a trustworthy communication. Although the term is generally associated with email, and there are terms to describe other mediums - such as ‘smishing’ (SMS phishing) - phishing can occur across any type of electronic communication.
The typical tactic is to trick a user into clicking on an embedded link or downloading an attachment. Instead of being directed to a helpful resource, the user ends up downloading and executing a malicious file on their machine. What happens next depends entirely on the malware being executed – some may encrypt files and prevent the user from accessing the machine, while others may attempt to stay hidden in order to act as a backdoor for other malware.
As computer literacy has improved over the years, and as users have grown accustomed to online threats, phishing techniques have had to become more sophisticated. Today’s phishing usually involves some form of social engineering, where the message will appear to have been sent from a legitimate, often well-known company, informing their customers that they need to take action of some kind. Netflix, Amazon, and Facebook are often used for this purpose, as it’s highly likely that the victim will have an account associated with these brands.
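One way a mail filter can catch the brand impersonation described above, shown as an added example that is not part of the original article: it compares the brand a message claims in its From header with the domain it was actually sent from. The brand-to-domain list, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list (illustrative): brand keyword -> domains it really sends from.
BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
    "amazon": {"amazon.com", "amazon.co.uk"},
    "facebook": {"facebook.com", "facebookmail.com"},
}

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def addr_domain(header_value):
    """Domain part of the address in a header value, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def brand_impersonation_findings(raw_message):
    """Return reasons to treat a message as likely brand impersonation."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = addr_domain(msg.get("From"))
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        # The brand is "claimed" via the display name or a lookalike domain.
        claimed = brand in display or brand in from_domain
        if claimed and not domain_allowed(from_domain, allowed):
            findings.append(f"claims '{brand}' but sent from '{from_domain}'")
    # Weaker signal: replies are steered to a different domain than the sender's.
    reply_domain = addr_domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain '{reply_domain}' differs from sender")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Netflix Support" <billing@netflix-account.example>\n'
    "Reply-To: help@collect.example\n"
    "Subject: Action required: update your payment details\n\n"
    "Your account is on hold.\n"
)
LEGIT = (
    'From: "Netflix" <info@mailer.netflix.com>\n'
    "Subject: New sign-in to your account\n\nHello.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, brand_impersonation_findings(raw))
```

A check like this only looks at header text, so it complements rather than replaces sender authentication results (SPF, DKIM, DMARC) that the receiving mail server records.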
Emails from supposed princes in Nigeria looking for an heir, or firms acting on behalf of wealthy deceased relatives, are few and far between these days, although you can still find the odd, wildly extravagant claim here and there.
Our recent favourite is the case of the first Nigerian astronaut who is unfortunately lost in space and needs us to act as a man in the middle for a $3 million transfer to the Russian Space Agency – which apparently does return flights.
2. Social engineering
Speaking of social engineering, this typically refers to the process of tricking users into believing the hacker is a legitimate agent. A common tactic is for hackers to call a victim and pose as technical support, asking for things like network access passwords in order to provide assistance. This can be just as effective if done in person, using a fake uniform and credentials, although that’s far less common these days.
Successful social engineering attacks can be incredibly convincing and highly lucrative, as was the case when the CEO of a UK-based energy company lost £201,000 to hackers after they tricked him with an AI tool that mimicked his assistant’s voice.
3. Malware
Keyloggers, screen scrapers, and a host of other malicious tools all fall under the umbrella of malware, malicious software designed to steal personal data. Alongside highly disruptive malicious software like ransomware, which attempts to block access to an entire system, there are also highly specialised malware families that target passwords specifically.
Keyloggers, and their ilk, record a user’s activity, whether that’s through keystrokes or screenshots, which is all then shared with a hacker. Some malware will even proactively hunt through a user’s system for password dictionaries or data associated with web browsers.